sasl: Fixed Kerberos V5 inclusion when CURL_DISABLE_CRYPTO_AUTH is used

Typically the USE_WINDOWS_SSPI definition would not be used when the CURL_DISABLE_CRYPTO_AUTH define is, however, it is still a valid build configuration and, as such, the SASL Kerberos V5 (GSSAPI) authentication data structures and functions would incorrectly be used when they shouldn't be. Introduced a new USE_KRB5 definition that takes into account the use of CURL_DISABLE_CRYPTO_AUTH like USE_SPNEGO and USE_NTLM do.
author: Steve Holme <steve_holme@hotmail.com> 2014-11-02 00:24:32 +0000
committer: Steve Holme <steve_holme@hotmail.com> 2014-11-02 00:35:16 +0000
commit: b6821dbb91a7433d7451c1ad4cbd49cc4b8a71a9 (patch)
tree: aa55f2ea79191187bd7d93d80618eb802b63b43b /lib
parent: b04eef13182dd3d26bf095758d27b13556583fab (diff)
8 files changed, 27 insertions, 18 deletions
diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c
index 7e2b8afaf..3bf973d95 100644
--- a/lib/curl_sasl.c
+++ b/lib/curl_sasl.c
@@ -53,7 +53,7 @@
 /* The last #include file should be: */
 #include "memdebug.h"
 
-#if defined(USE_WINDOWS_SSPI)
+#if defined(USE_KRB5)
 extern void Curl_sasl_gssapi_cleanup(struct kerberos5data *krb5);
 #endif
 
@@ -722,7 +722,7 @@ CURLcode Curl_sasl_create_xoauth2_message(struct SessionHandle *data,
  */
 void Curl_sasl_cleanup(struct connectdata *conn, unsigned int authused)
 {
-#if defined(USE_WINDOWS_SSPI)
+#if defined(USE_KRB5)
   /* Cleanup the gssapi structure */
   if(authused == SASL_MECH_GSSAPI) {
     Curl_sasl_gssapi_cleanup(&conn->krb5);
diff --git a/lib/curl_sasl.h b/lib/curl_sasl.h
index e56fa1a5f..68ef5526c 100644
--- a/lib/curl_sasl.h
+++ b/lib/curl_sasl.h
@@ -28,7 +28,7 @@ struct SessionHandle;
 struct connectdata;
 struct ntlmdata;
 
-#if defined(USE_WINDOWS_SSPI)
+#if defined(USE_KRB5)
 struct kerberos5data;
 #endif
 
@@ -123,7 +123,7 @@ CURLcode Curl_sasl_create_ntlm_type3_message(struct SessionHandle *data,
 
 #endif /* USE_NTLM */
 
-#if defined(USE_WINDOWS_SSPI)
+#if defined(USE_KRB5)
 /* This is used to generate a base64 encoded GSSAPI (Kerberos V5) user token
    message */
 CURLcode Curl_sasl_create_gssapi_user_message(struct SessionHandle *data,
@@ -142,7 +142,7 @@ CURLcode Curl_sasl_create_gssapi_security_message(struct SessionHandle *data,
                                                   struct kerberos5data *krb5,
                                                   char **outptr,
                                                   size_t *outlen);
-#endif
+#endif /* USE_KRB5 */
 
 /* This is used to generate a base64 encoded XOAUTH2 authentication message
    containing the user name and bearer token */
diff --git a/lib/curl_sasl_sspi.c b/lib/curl_sasl_sspi.c
index 21edcd65d..9ae6f5d91 100644
--- a/lib/curl_sasl_sspi.c
+++ b/lib/curl_sasl_sspi.c
@@ -44,7 +44,9 @@
 /* The last #include file should be: */
 #include "memdebug.h"
 
+#if defined(USE_KRB5)
 void Curl_sasl_gssapi_cleanup(struct kerberos5data *krb5);
+#endif
 
 /*
  * Curl_sasl_build_spn()
@@ -269,9 +271,9 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
 
   return result;
 }
-
 #endif /* !CURL_DISABLE_CRYPTO_AUTH */
 
+#if defined(USE_KRB5)
 /*
  * Curl_sasl_create_gssapi_user_message()
  *
@@ -703,5 +705,6 @@ void Curl_sasl_gssapi_cleanup(struct kerberos5data *krb5)
   /* Reset any variables */
   krb5->token_max = 0;
 }
+#endif /* USE_KRB5 */
 
 #endif /* USE_WINDOWS_SSPI */
diff --git a/lib/curl_setup.h b/lib/curl_setup.h
index 353b15fcb..a20aab19b 100644
--- a/lib/curl_setup.h
+++ b/lib/curl_setup.h
@@ -608,12 +608,18 @@ int netware_init(void);
 #define USE_SSL    /* SSL support has been enabled */
 #endif
 
+/* Single point where USE_SPNEGO definition might be defined */
 #if !defined(CURL_DISABLE_CRYPTO_AUTH) && \
     (defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI))
 #define USE_SPNEGO
 #endif
 
-/* Single point where USE_NTLM definition might be done */
+/* Single point where USE_KRB5 definition might be defined */
+#if !defined(CURL_DISABLE_CRYPTO_AUTH) && defined(USE_WINDOWS_SSPI)
+#define USE_KRB5
+#endif
+
+/* Single point where USE_NTLM definition might be defined */
 #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_NTLM) && \
     !defined(CURL_DISABLE_CRYPTO_AUTH)
 #if defined(USE_SSLEAY) || defined(USE_WINDOWS_SSPI) || \
diff --git a/lib/imap.c b/lib/imap.c
index ee1bad295..4a0419a18 100644
--- a/lib/imap.c
+++ b/lib/imap.c
@@ -1300,7 +1300,7 @@ static CURLcode imap_state_auth_ntlm_type2msg_resp(struct connectdata *conn,
 }
 #endif
 
-#if defined(USE_WINDOWS_SSPI)
+#if defined(USE_KRB5)
 /* For AUTHENTICATE GSSAPI (without initial response) responses */
 static CURLcode imap_state_auth_gssapi_resp(struct connectdata *conn,
                                             int imapcode,
@@ -1911,7 +1911,7 @@ static CURLcode imap_statemach_act(struct connectdata *conn)
       break;
 #endif
 
-#if defined(USE_WINDOWS_SSPI)
+#if defined(USE_KRB5)
     case IMAP_AUTHENTICATE_GSSAPI:
       result = imap_state_auth_gssapi_resp(conn, imapcode, imapc->state);
       break;
@@ -2803,7 +2803,7 @@ static CURLcode imap_calc_sasl_details(struct connectdata *conn,
 
   /* Calculate the supported authentication mechanism, by decreasing order of
      security, as well as the initial response where appropriate */
-#if defined(USE_WINDOWS_SSPI)
+#if defined(USE_KRB5)
     if((imapc->authmechs & SASL_MECH_GSSAPI) &&
        (imapc->prefmech & SASL_MECH_GSSAPI)) {
     imapc->mutual_auth = FALSE; /* TODO: Calculate mutual authentication */
diff --git a/lib/pop3.c b/lib/pop3.c
index 13528e3d5..03d737ef2 100644
--- a/lib/pop3.c
+++ b/lib/pop3.c
@@ -1131,7 +1131,7 @@ static CURLcode pop3_state_auth_ntlm_type2msg_resp(struct connectdata *conn,
 }
 #endif
 
-#if defined(USE_WINDOWS_SSPI)
+#if defined(USE_KRB5)
 /* For AUTH GSSAPI (without initial response) responses */
 static CURLcode pop3_state_auth_gssapi_resp(struct connectdata *conn,
                                             int pop3code,
@@ -1591,7 +1591,7 @@ static CURLcode pop3_statemach_act(struct connectdata *conn)
       break;
 #endif
 
-#if defined(USE_WINDOWS_SSPI)
+#if defined(USE_KRB5)
     case POP3_AUTH_GSSAPI:
       result = pop3_state_auth_gssapi_resp(conn, pop3code, pop3c->state);
       break;
@@ -2121,7 +2121,7 @@ static CURLcode pop3_calc_sasl_details(struct connectdata *conn,
 
   /* Calculate the supported authentication mechanism, by decreasing order of
      security, as well as the initial response where appropriate */
-#if defined(USE_WINDOWS_SSPI)
+#if defined(USE_KRB5)
   if((pop3c->authmechs & SASL_MECH_GSSAPI) &&
       (pop3c->prefmech & SASL_MECH_GSSAPI)) {
     pop3c->mutual_auth = FALSE; /* TODO: Calculate mutual authentication */
diff --git a/lib/smtp.c b/lib/smtp.c
index 6d1aa0120..448b040c7 100644
--- a/lib/smtp.c
+++ b/lib/smtp.c
@@ -1150,7 +1150,7 @@ static CURLcode smtp_state_auth_ntlm_type2msg_resp(struct connectdata *conn,
 }
 #endif
 
-#if defined(USE_WINDOWS_SSPI)
+#if defined(USE_KRB5)
 /* For AUTH GSSAPI (without initial response) responses */
 static CURLcode smtp_state_auth_gssapi_resp(struct connectdata *conn,
                                             int smtpcode,
@@ -1630,7 +1630,7 @@ static CURLcode smtp_statemach_act(struct connectdata *conn)
       break;
 #endif
 
-#if defined(USE_WINDOWS_SSPI)
+#if defined(USE_KRB5)
     case SMTP_AUTH_GSSAPI:
       result = smtp_state_auth_gssapi_resp(conn, smtpcode, smtpc->state);
       break;
@@ -2221,7 +2221,7 @@ static CURLcode smtp_calc_sasl_details(struct connectdata *conn,
 
   /* Calculate the supported authentication mechanism, by decreasing order of
      security, as well as the initial response where appropriate */
-#if defined(USE_WINDOWS_SSPI)
+#if defined(USE_KRB5)
   if((smtpc->authmechs & SASL_MECH_GSSAPI) &&
      (smtpc->prefmech & SASL_MECH_GSSAPI)) {
     smtpc->mutual_auth = FALSE; /* TODO: Calculate mutual authentication */
diff --git a/lib/urldata.h b/lib/urldata.h
index 83d190453..5a65c4a74 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -419,7 +419,7 @@ typedef enum {
 #endif
 
 /* Struct used for GSSAPI (Kerberos V5) authentication */
-#if defined(USE_WINDOWS_SSPI)
+#if defined(USE_KRB5)
 struct kerberos5data {
   CredHandle *credentials;
   CtxtHandle *context;
@@ -980,7 +980,7 @@ struct connectdata {
   struct sockaddr_in local_addr;
 #endif
 
-#if defined(USE_WINDOWS_SSPI) /* Consider moving some of the above GSS-API */
+#if defined(USE_KRB5)         /* Consider moving some of the above GSS-API */
   struct kerberos5data krb5;  /* variables into the structure definition, */
 #endif                        /* however, some of them are ftp specific. */
author	Steve Holme <steve_holme@hotmail.com>	2014-11-02 00:24:32 +0000
committer	Steve Holme <steve_holme@hotmail.com>	2014-11-02 00:35:16 +0000
commit	b6821dbb91a7433d7451c1ad4cbd49cc4b8a71a9 (patch)
tree	aa55f2ea79191187bd7d93d80618eb802b63b43b /lib
parent	b04eef13182dd3d26bf095758d27b13556583fab (diff)